Merge pull request #1730 from github/update-v2.20.0-d5b7b3823

Merge main into releases/v2
Update changelog for v2.20.0
2025-12-25 16:50:21 +08:00 · 2023-06-13 11:22:32 -07:00 · 2023-06-13 17:50:40 +00:00 · 2023-06-13 17:46:13 +00:00 · 2023-06-12 21:16:13 +01:00 · 2023-06-12 19:31:25 +01:00
81 changed files with 614 additions and 400 deletions
--- a/.github/workflows/__analyze-ref-input.yml
+++ b/.github/workflows/__analyze-ref-input.yml
@@ -85,9 +85,7 @@ jobs:
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
--- a/.github/workflows/__autobuild-action.yml
+++ b/.github/workflows/__autobuild-action.yml
@@ -49,9 +49,7 @@ jobs:
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
--- a/.github/workflows/__config-export.yml
+++ b/.github/workflows/__config-export.yml
@@ -55,9 +55,7 @@ jobs:
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
--- a/.github/workflows/__diagnostics-export.yml
+++ b/.github/workflows/__diagnostics-export.yml
@@ -61,9 +61,7 @@ jobs:
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
--- a/.github/workflows/__export-file-baseline-information.yml
+++ b/.github/workflows/__export-file-baseline-information.yml
@@ -49,9 +49,7 @@ jobs:
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
--- a/.github/workflows/__extractor-ram-threads.yml
+++ b/.github/workflows/__extractor-ram-threads.yml
@@ -45,9 +45,7 @@ jobs:
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
--- a/.github/workflows/__go-custom-queries.yml
+++ b/.github/workflows/__go-custom-queries.yml
@@ -85,9 +85,7 @@ jobs:
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
--- a/.github/workflows/__go-tracing-autobuilder.yml
+++ b/.github/workflows/__go-tracing-autobuilder.yml
@@ -71,9 +71,7 @@ jobs:
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
--- a/.github/workflows/__go-tracing-custom-build-steps.yml
+++ b/.github/workflows/__go-tracing-custom-build-steps.yml
@@ -71,9 +71,7 @@ jobs:
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
--- a/.github/workflows/__go-tracing-legacy-workflow.yml
+++ b/.github/workflows/__go-tracing-legacy-workflow.yml
@@ -71,9 +71,7 @@ jobs:
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
--- a/.github/workflows/__init-with-registries.yml
+++ b/.github/workflows/__init-with-registries.yml
@@ -62,9 +62,7 @@ jobs:
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
--- a/.github/workflows/__javascript-source-root.yml
+++ b/.github/workflows/__javascript-source-root.yml
@@ -49,9 +49,7 @@ jobs:
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
--- a/.github/workflows/__ml-powered-queries.yml
+++ b/.github/workflows/__ml-powered-queries.yml
@@ -85,9 +85,7 @@ jobs:
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
--- a/.github/workflows/__multi-language-autodetect.yml
+++ b/.github/workflows/__multi-language-autodetect.yml
@@ -71,9 +71,7 @@ jobs:
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
--- a/.github/workflows/__packaging-codescanning-config-inputs-js.yml
+++ b/.github/workflows/__packaging-codescanning-config-inputs-js.yml
@@ -61,9 +61,7 @@ jobs:
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
--- a/.github/workflows/__packaging-config-inputs-js.yml
+++ b/.github/workflows/__packaging-config-inputs-js.yml
@@ -61,9 +61,7 @@ jobs:
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
--- a/.github/workflows/__packaging-config-js.yml
+++ b/.github/workflows/__packaging-config-js.yml
@@ -61,9 +61,7 @@ jobs:
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
--- a/.github/workflows/__packaging-inputs-js.yml
+++ b/.github/workflows/__packaging-inputs-js.yml
@@ -61,9 +61,7 @@ jobs:
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
--- a/.github/workflows/__remote-config.yml
+++ b/.github/workflows/__remote-config.yml
@@ -85,9 +85,7 @@ jobs:
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
--- a/.github/workflows/__rubocop-multi-language.yml
+++ b/.github/workflows/__rubocop-multi-language.yml
@@ -45,9 +45,7 @@ jobs:
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
--- a/.github/workflows/__ruby.yml
+++ b/.github/workflows/__ruby.yml
@@ -55,9 +55,7 @@ jobs:
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
--- a/.github/workflows/__split-workflow.yml
+++ b/.github/workflows/__split-workflow.yml
@@ -55,9 +55,7 @@ jobs:
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
--- a/.github/workflows/__submit-sarif-failure.yml
+++ b/.github/workflows/__submit-sarif-failure.yml
@@ -49,9 +49,7 @@ jobs:
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
--- a/.github/workflows/__swift-custom-build.yml
+++ b/.github/workflows/__swift-custom-build.yml
@@ -55,9 +55,7 @@ jobs:
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
--- a/.github/workflows/__test-autobuild-working-dir.yml
+++ b/.github/workflows/__test-autobuild-working-dir.yml
@@ -45,9 +45,7 @@ jobs:
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
--- a/.github/workflows/__test-local-codeql.yml
+++ b/.github/workflows/__test-local-codeql.yml
@@ -45,9 +45,7 @@ jobs:
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
--- a/.github/workflows/__test-proxy.yml
+++ b/.github/workflows/__test-proxy.yml
@@ -45,9 +45,7 @@ jobs:
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
--- a/.github/workflows/__unset-environment.yml
+++ b/.github/workflows/__unset-environment.yml
@@ -57,9 +57,7 @@ jobs:
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
--- a/.github/workflows/__upload-ref-sha-input.yml
+++ b/.github/workflows/__upload-ref-sha-input.yml
@@ -85,9 +85,7 @@ jobs:
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
--- a/.github/workflows/__with-checkout-path.yml
+++ b/.github/workflows/__with-checkout-path.yml
@@ -85,9 +85,7 @@ jobs:
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
--- a/.github/workflows/debug-artifacts.yml
+++ b/.github/workflows/debug-artifacts.yml
@@ -56,7 +56,6 @@ jobs:
          debug-artifact-name: my-debug-artifacts
          debug-database-name: my-db
      - uses: ./../action/.github/actions/setup-swift
-        if: matrix.version == 'nightly-latest'
        with:
          codeql-path: ${{ steps.init.outputs.codeql-path }}
      - name: Build code
--- a/.github/workflows/python-deps.yml
+++ b/.github/workflows/python-deps.yml
@@ -72,7 +72,7 @@ jobs:

    - name: Verify packages installed
      run: |
-        $GITHUB_WORKSPACE/python-setup/tests/check_requests_2_26_0.sh ${PYTHON_VERSION}
+        $GITHUB_WORKSPACE/python-setup/tests/check_requests.sh ${PYTHON_VERSION} 2.31.0

  # This one shouldn't fail, but also won't install packages
  test-setup-python-scripts-non-standard-location:
@@ -170,5 +170,5 @@ jobs:

    - name: Verify packages installed
      run: |
-        $cmd = $Env:GITHUB_WORKSPACE + "\\python-setup\\tests\\check_requests_2_26_0.ps1"
-        powershell -File $cmd $Env:PYTHON_VERSION
+        $cmd = $Env:GITHUB_WORKSPACE + "\\python-setup\\tests\\check_requests.ps1"
+        powershell -File $cmd $Env:PYTHON_VERSION 2.31.0
--- a/.github/workflows/update-supported-enterprise-server-versions.yml
+++ b/.github/workflows/update-supported-enterprise-server-versions.yml
@@ -35,14 +35,22 @@ jobs:
          npm run build
        env:
          ENTERPRISE_RELEASES_PATH: ${{ github.workspace }}/enterprise-releases/
-      - name: Commit Changes
-        uses: peter-evans/create-pull-request@284f54f989303d2699d373481a0cfa13ad5a6666 # v5.0.1
-        with:
-          commit-message: Update supported GitHub Enterprise Server versions.
-          title: Update supported GitHub Enterprise Server versions.
-          body: ""
-          author: GitHub <noreply@github.com>
-          branch: update-supported-enterprise-server-versions
-          draft: true
+
+      - name: Update git config
+        run: |
+          git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git config --global user.name "github-actions[bot]"
+
+      - name: Commit changes and open PR
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          if [[ -z $(git status --porcelain) ]]; then
+            echo "No changes to commit"
+          else
+            git checkout -b update-supported-enterprise-server-versions
+            git add .
+            git commit --message "Update supported GitHub Enterprise Server versions"
+            git push origin update-supported-enterprise-server-versions
+            gh pr create --fill --draft
+          fi
--- a/.github/workflows/update-supported-enterprise-server-versions/update.py
+++ b/.github/workflows/update-supported-enterprise-server-versions/update.py
@@ -35,7 +35,10 @@ def main():

 		if oldest_supported_release is None or release_version < oldest_supported_release:
 			end_of_life_date = datetime.date.fromisoformat(release_data["end"])
-			if end_of_life_date > datetime.date.today():
+			# The GHES version is not actually end of life until the end of the day specified by
+			# `end_of_life_date`. Wait an extra week to be safe.
+			is_end_of_life = datetime.date.today() > end_of_life_date + datetime.timedelta(weeks=1)
+			if not is_end_of_life:
 				oldest_supported_release = release_version

 	api_compatibility_data = {
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,13 @@
 # CodeQL Action Changelog

+## 2.20.0 - 13 Jun 2023
+
+- Bump the version of the Action to 2.20.0. This ensures that users who received a Dependabot upgrade to [`cdcdbb5`](https://github.com/github/codeql-action/commit/cdcdbb579706841c47f7063dda365e292e5cad7a), which was mistakenly marked as Action version 2.13.4, continue to receive updates to the CodeQL Action. Full details in [#1729](https://github.com/github/codeql-action/pull/1729)
+
+## 2.3.6 - 01 Jun 2023
+
+- Update default CodeQL bundle version to 2.13.3. [#1698](https://github.com/github/codeql-action/pull/1698)
+
 ## 2.3.5 - 25 May 2023

 - Allow invalid URIs to be used as values to `artifactLocation.uri` properties. This reverses a change from [#1668](https://github.com/github/codeql-action/pull/1668) that inadvertently led to stricter validation of some URI values. [#1705](https://github.com/github/codeql-action/pull/1705)
--- a/lib/actions-util.js
+++ b/lib/actions-util.js
@@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
    return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getUploadValue = exports.printDebugLogs = exports.isAnalyzingDefaultBranch = exports.getRelativeScriptPath = exports.isRunningLocalAction = exports.workflowEventName = exports.sendStatusReport = exports.createStatusReportBase = exports.getActionVersion = exports.getActionsStatus = exports.getRef = exports.computeAutomationID = exports.getAutomationID = exports.getAnalysisKey = exports.determineMergeBaseCommitOid = exports.getCommitOid = exports.getTemporaryDirectory = exports.getOptionalInput = exports.getRequiredInput = void 0;
+exports.getUploadValue = exports.printDebugLogs = exports.isAnalyzingDefaultBranch = exports.getRelativeScriptPath = exports.isRunningLocalAction = exports.getWorkflowEventName = exports.sendStatusReport = exports.createStatusReportBase = exports.getActionVersion = exports.getActionsStatus = exports.getRef = exports.computeAutomationID = exports.getAutomationID = exports.getAnalysisKey = exports.determineMergeBaseCommitOid = exports.getCommitOid = exports.getTemporaryDirectory = exports.getOptionalInput = exports.getRequiredInput = void 0;
 const fs = __importStar(require("fs"));
 const os = __importStar(require("os"));
 const path = __importStar(require("path"));
@@ -104,7 +104,7 @@ exports.getCommitOid = getCommitOid;
 * Returns undefined if run by other triggers or the merge base cannot be determined.
 */
 const determineMergeBaseCommitOid = async function () {
-    if (workflowEventName() !== "pull_request") {
+    if (getWorkflowEventName() !== "pull_request") {
        return undefined;
    }
    const mergeSha = (0, util_1.getRequiredEnvParam)("GITHUB_SHA");
@@ -155,7 +155,7 @@ exports.determineMergeBaseCommitOid = determineMergeBaseCommitOid;
 *
 * This will combine the workflow path and current job name.
 * Computing this the first time requires making requests to
- * the github API, but after that the result will be cached.
+ * the GitHub API, but after that the result will be cached.
 */
 async function getAnalysisKey() {
    const analysisKeyEnvVar = "CODEQL_ACTION_ANALYSIS_KEY";
@@ -395,7 +395,8 @@ async function sendStatusReport(statusReport) {
        if ((0, util_1.isHTTPError)(e)) {
            switch (e.status) {
                case 403:
-                    if (workflowIsTriggeredByPushEvent() && isDependabotActor()) {
+                    if (getWorkflowEventName() === "push" &&
+                        process.env["GITHUB_ACTOR"] === "dependabot[bot]") {
                        core.setFailed('Workflows triggered by Dependabot on the "push" event run with read-only access. ' +
                            "Uploading Code Scanning results requires write access. " +
                            'To use Code Scanning with Dependabot, please ensure you are using the "pull_request" event for this workflow and avoid triggering on the "push" event for Dependabot branches. ' +
@@ -428,42 +429,36 @@ async function sendStatusReport(statusReport) {
    }
 }
 exports.sendStatusReport = sendStatusReport;
-function workflowEventName() {
-    // If the original event is dynamic CODESCANNING_EVENT_NAME will contain the right info (push/pull_request)
-    if (process.env["GITHUB_EVENT_NAME"] === "dynamic") {
-        const value = process.env["CODESCANNING_EVENT_NAME"];
-        if (value === undefined || value.length === 0) {
-            return process.env["GITHUB_EVENT_NAME"];
-        }
-        return value;
-    }
-    return process.env["GITHUB_EVENT_NAME"];
+/**
+ * Returns the name of the event that triggered this workflow.
+ *
+ * This will be "dynamic" for default setup workflow runs.
+ */
+function getWorkflowEventName() {
+    return (0, util_1.getRequiredEnvParam)("GITHUB_EVENT_NAME");
 }
-exports.workflowEventName = workflowEventName;
-// Was the workflow run triggered by a `push` event, for example as opposed to a `pull_request` event.
-function workflowIsTriggeredByPushEvent() {
-    return workflowEventName() === "push";
-}
-// Is dependabot the actor that triggered the current workflow run.
-function isDependabotActor() {
-    return process.env["GITHUB_ACTOR"] === "dependabot[bot]";
-}
-// Is the current action executing a local copy (i.e. we're running a workflow on the codeql-action repo itself)
-// as opposed to running a remote action (i.e. when another repo references us)
+exports.getWorkflowEventName = getWorkflowEventName;
+/**
+ * Returns whether the current workflow is executing a local copy of the Action, e.g. we're running
+ * a workflow on the codeql-action repo itself.
+ */
 function isRunningLocalAction() {
    const relativeScriptPath = getRelativeScriptPath();
    return (relativeScriptPath.startsWith("..") || path.isAbsolute(relativeScriptPath));
 }
 exports.isRunningLocalAction = isRunningLocalAction;
-// Get the location where the action is running from.
-// This can be used to get the actions name or tell if we're running a local action.
+/**
+ * Get the location where the Action is running from.
+ *
+ * This can be used to get the Action's name or tell if we're running a local Action.
+ */
 function getRelativeScriptPath() {
    const runnerTemp = (0, util_1.getRequiredEnvParam)("RUNNER_TEMP");
    const actionsDirectory = path.join(path.dirname(runnerTemp), "_actions");
    return path.relative(actionsDirectory, __filename);
 }
 exports.getRelativeScriptPath = getRelativeScriptPath;
-// Reads the contents of GITHUB_EVENT_PATH as a JSON object
+/** Returns the contents of `GITHUB_EVENT_PATH` as a JSON object. */
 function getWorkflowEvent() {
    const eventJsonFile = (0, util_1.getRequiredEnvParam)("GITHUB_EVENT_PATH");
    try {
@@ -476,10 +471,13 @@ function getWorkflowEvent() {
 function removeRefsHeadsPrefix(ref) {
    return ref.startsWith("refs/heads/") ? ref.slice("refs/heads/".length) : ref;
 }
-// Returns whether we are analyzing the default branch for the repository.
-// For cases where the repository information might not be available (e.g.,
-// dynamic workflows), this can be forced by the environment variable
-// CODE_SCANNING_IS_ANALYZING_DEFAULT_BRANCH.
+/**
+ * Returns whether we are analyzing the default branch for the repository.
+ *
+ * This first checks the environment variable `CODE_SCANNING_IS_ANALYZING_DEFAULT_BRANCH`. This
+ * environment variable can be set in cases where repository information might not be available, for
+ * example dynamic workflows.
+ */
 async function isAnalyzingDefaultBranch() {
    if (process.env.CODE_SCANNING_IS_ANALYZING_DEFAULT_BRANCH === "true") {
        return true;
@@ -489,8 +487,8 @@ async function isAnalyzingDefaultBranch() {
    currentRef = removeRefsHeadsPrefix(currentRef);
    const event = getWorkflowEvent();
    let defaultBranch = event?.repository?.default_branch;
-    if (process.env.GITHUB_EVENT_NAME === "schedule") {
-        defaultBranch = removeRefsHeadsPrefix((0, util_1.getRequiredEnvParam)("GITHUB_REF"));
+    if (getWorkflowEventName() === "schedule") {
+        defaultBranch = removeRefsHeadsPrefix(getRefFromEnv());
    }
    return currentRef === defaultBranch;
 }
@@ -524,7 +522,10 @@ async function printDebugLogs(config) {
    }
 }
 exports.printDebugLogs = printDebugLogs;
-// Parses the `upload` input into an `UploadKind`, converting unspecified and deprecated upload inputs appropriately.
+/**
+ * Parses the `upload` input into an `UploadKind`, converting unspecified and deprecated upload
+ * inputs appropriately.
+ */
 function getUploadValue(input) {
    switch (input) {
        case undefined:
--- a/lib/actions-util.js.map
+++ b/lib/actions-util.js.map
--- a/lib/actions-util.test.js
+++ b/lib/actions-util.test.js
@@ -172,6 +172,7 @@ const util_1 = require("./util");
    t.deepEqual(process.env.CODEQL_ACTION_VERSION, "1.2.3");
 });
 (0, ava_1.default)("isAnalyzingDefaultBranch()", async (t) => {
+    process.env["GITHUB_EVENT_NAME"] = "push";
    process.env["CODE_SCANNING_IS_ANALYZING_DEFAULT_BRANCH"] = "true";
    t.deepEqual(await actionsutil.isAnalyzingDefaultBranch(), true);
    process.env["CODE_SCANNING_IS_ANALYZING_DEFAULT_BRANCH"] = "false";
@@ -210,12 +211,4 @@ const util_1 = require("./util");
        getAdditionalInputStub.restore();
    });
 });
-(0, ava_1.default)("workflowEventName()", async (t) => {
-    process.env["GITHUB_EVENT_NAME"] = "push";
-    t.deepEqual(actionsutil.workflowEventName(), "push");
-    process.env["GITHUB_EVENT_NAME"] = "dynamic";
-    t.deepEqual(actionsutil.workflowEventName(), "dynamic");
-    process.env["CODESCANNING_EVENT_NAME"] = "push";
-    t.deepEqual(actionsutil.workflowEventName(), "push");
-});
 //# sourceMappingURL=actions-util.test.js.map
--- a/lib/actions-util.test.js.map
+++ b/lib/actions-util.test.js.map
--- a/lib/analyze.js
+++ b/lib/analyze.js
@@ -54,7 +54,7 @@ async function setupPythonExtractor(logger, features, codeql) {
        // If CODEQL_PYTHON is not set, no dependencies were installed, so we don't need to do anything
        return;
    }
-    if (await features.getValue(feature_flags_1.Feature.DisablePythonDependencyInstallation, codeql)) {
+    if (await features.getValue(feature_flags_1.Feature.DisablePythonDependencyInstallationEnabled, codeql)) {
        logger.warning("We recommend that you remove the CODEQL_PYTHON environment variable from your workflow. This environment variable was originally used to specify a Python executable that included the dependencies of your Python code, however Python analysis no longer uses these dependencies." +
            "\nIf you used CODEQL_PYTHON to force the version of Python to analyze as, please use CODEQL_EXTRACTOR_PYTHON_ANALYSIS_VERSION instead, such as 'CODEQL_EXTRACTOR_PYTHON_ANALYSIS_VERSION=2.7' or 'CODEQL_EXTRACTOR_PYTHON_ANALYSIS_VERSION=3.11'.");
        return;
@@ -209,7 +209,7 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
                logger.endGroup();
                logger.info(analysisSummary);
            }
-            logger.info(await runPrintLinesOfCode(language));
+            await runPrintLinesOfCode(language);
        }
        catch (e) {
            logger.info(String(e));
--- a/lib/analyze.js.map
+++ b/lib/analyze.js.map
--- a/lib/api-compatibility.json
+++ b/lib/api-compatibility.json
@@ -1 +1 @@
-{ "maximumVersion": "3.9", "minimumVersion": "3.5" }
+{ "maximumVersion": "3.10", "minimumVersion": "3.6" }
--- a/lib/defaults.json
+++ b/lib/defaults.json
@@ -1,6 +1,6 @@
 {
-    "bundleVersion": "codeql-bundle-20230428",
-    "cliVersion": "2.13.1",
-    "priorBundleVersion": "codeql-bundle-20230414",
-    "priorCliVersion": "2.13.0"
+    "bundleVersion": "codeql-bundle-20230524",
+    "cliVersion": "2.13.3",
+    "priorBundleVersion": "codeql-bundle-20230428",
+    "priorCliVersion": "2.13.1"
 }
--- a/lib/feature-flags.js
+++ b/lib/feature-flags.js
@@ -36,11 +36,11 @@ var Feature;
 (function (Feature) {
    Feature["CliConfigFileEnabled"] = "cli_config_file_enabled";
    Feature["DisableKotlinAnalysisEnabled"] = "disable_kotlin_analysis_enabled";
+    Feature["DisablePythonDependencyInstallationEnabled"] = "disable_python_dependency_installation_enabled";
    Feature["ExportCodeScanningConfigEnabled"] = "export_code_scanning_config_enabled";
    Feature["ExportDiagnosticsEnabled"] = "export_diagnostics_enabled";
    Feature["MlPoweredQueriesEnabled"] = "ml_powered_queries_enabled";
    Feature["UploadFailedSarifEnabled"] = "upload_failed_sarif_enabled";
-    Feature["DisablePythonDependencyInstallation"] = "disable_python_dependency_installation";
 })(Feature = exports.Feature || (exports.Feature = {}));
 exports.featureConfig = {
    [Feature.DisableKotlinAnalysisEnabled]: {
@@ -73,7 +73,7 @@ exports.featureConfig = {
        minimumVersion: "2.11.3",
        defaultValue: true,
    },
-    [Feature.DisablePythonDependencyInstallation]: {
+    [Feature.DisablePythonDependencyInstallationEnabled]: {
        envVar: "CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION",
        // Although the python extractor only started supporting not extracting installed
        // dependencies in 2.13.1, the init-action can still benefit from not installing
--- a/lib/feature-flags.js.map
+++ b/lib/feature-flags.js.map
--- a/lib/init-action.js
+++ b/lib/init-action.js
@@ -136,7 +136,7 @@ async function run() {
        (0, actions_util_1.getOptionalInput)("debug") === "true" || core.isDebug(), (0, actions_util_1.getOptionalInput)("debug-artifact-name") || util_1.DEFAULT_DEBUG_ARTIFACT_NAME, (0, actions_util_1.getOptionalInput)("debug-database-name") || util_1.DEFAULT_DEBUG_DATABASE_NAME, repositoryNwo, (0, actions_util_1.getTemporaryDirectory)(), codeql, (0, util_1.getRequiredEnvParam)("GITHUB_WORKSPACE"), gitHubVersion, apiDetails, features, logger);
        if (config.languages.includes(languages_1.Language.python) &&
            (0, actions_util_1.getRequiredInput)("setup-python-dependencies") === "true") {
-            if (await features.getValue(feature_flags_1.Feature.DisablePythonDependencyInstallation, codeql)) {
+            if (await features.getValue(feature_flags_1.Feature.DisablePythonDependencyInstallationEnabled, codeql)) {
                logger.info("Skipping python dependency installation");
            }
            else {
@@ -176,7 +176,7 @@ async function run() {
            core.exportVariable("CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN", "true");
        }
        // Disable Python dependency extraction if feature flag set
-        if (await features.getValue(feature_flags_1.Feature.DisablePythonDependencyInstallation, codeql)) {
+        if (await features.getValue(feature_flags_1.Feature.DisablePythonDependencyInstallationEnabled, codeql)) {
            core.exportVariable("CODEQL_EXTRACTOR_PYTHON_DISABLE_LIBRARY_EXTRACTION", "true");
        }
        const sourceRoot = path.resolve((0, util_1.getRequiredEnvParam)("GITHUB_WORKSPACE"), (0, actions_util_1.getOptionalInput)("source-root") || "");
--- a/lib/init-action.js.map
+++ b/lib/init-action.js.map
--- a/lib/trap-caching.js
+++ b/lib/trap-caching.js
@@ -91,7 +91,7 @@ async function downloadTrapCaches(codeql, languages, logger) {
    }
    let baseSha = "unknown";
    const eventPath = process.env.GITHUB_EVENT_PATH;
-    if (actionsUtil.workflowEventName() === "pull_request" &&
+    if (actionsUtil.getWorkflowEventName() === "pull_request" &&
        eventPath !== undefined) {
        const event = JSON.parse(fs.readFileSync(path.resolve(eventPath), "utf-8"));
        baseSha = event.pull_request?.base?.sha || baseSha;
--- a/lib/trap-caching.js.map
+++ b/lib/trap-caching.js.map
--- a/lib/upload-lib.js
+++ b/lib/upload-lib.js
@@ -220,7 +220,7 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo
        base_ref: undefined,
        base_sha: undefined,
    };
-    if (actionsUtil.workflowEventName() === "pull_request") {
+    if (actionsUtil.getWorkflowEventName() === "pull_request") {
        if (commitOid === util.getRequiredEnvParam("GITHUB_SHA") &&
            mergeBaseCommitOid) {
            // We're uploading results for the merge commit
--- a/lib/upload-lib.js.map
+++ b/lib/upload-lib.js.map
--- a/node_modules/.package-lock.json
+++ b/node_modules/.package-lock.json
@@ -1,6 +1,6 @@
 {
  "name": "codeql",
-  "version": "2.3.5",
+  "version": "2.20.0",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
  "name": "codeql",
-  "version": "2.3.5",
+  "version": "2.20.0",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "codeql",
-      "version": "2.3.5",
+      "version": "2.20.0",
      "license": "MIT",
      "dependencies": {
        "@actions/artifact": "^1.1.0",
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "codeql",
-  "version": "2.3.5",
+  "version": "2.20.0",
  "private": true,
  "description": "CodeQL action",
  "scripts": {
--- a/pr-checks/sync.py
+++ b/pr-checks/sync.py
@@ -81,9 +81,7 @@ for file in os.listdir('checks'):
            'if': FoldedScalarString(textwrap.dedent('''
                runner.os != 'Windows' && (
                    matrix.version == '20220908' ||
-                    matrix.version == '20221211' ||
-                    matrix.version == 'cached' ||
-                    matrix.version == 'latest'
+                    matrix.version == '20221211'
                )
            ''').strip()),
            'shell': 'bash',
--- a/python-setup/tests/check_requests.ps1
+++ b/python-setup/tests/check_requests.ps1
@@ -0,0 +1,27 @@
+#! /usr/bin/pwsh
+
+$EXPECTED_PYTHON_VERSION=$args[0]
+$EXPECTED_REQUESTS_VERSION=$args[1]
+
+$FOUND_PYTHON_VERSION="$Env:LGTM_PYTHON_SETUP_VERSION"
+$FOUND_PYTHONPATH="$Env:LGTM_INDEX_IMPORT_PATH"
+
+write-host "FOUND_PYTHON_VERSION=$FOUND_PYTHON_VERSION FOUND_PYTHONPATH=$FOUND_PYTHONPATH "
+
+if ($FOUND_PYTHON_VERSION -ne $EXPECTED_PYTHON_VERSION) {
+    write-host "Script told us to use Python $FOUND_PYTHON_VERSION, but expected $EXPECTED_PYTHON_VERSION"
+    exit 1
+} else {
+    write-host "Script told us to use Python $FOUND_PYTHON_VERSION, which was expected"
+}
+
+$env:PYTHONPATH=$FOUND_PYTHONPATH
+
+$INSTALLED_REQUESTS_VERSION = (py -3 -c "import requests; print(requests.__version__)")
+
+if ($INSTALLED_REQUESTS_VERSION -ne $EXPECTED_REQUESTS_VERSION) {
+    write-host "Using $FOUND_PYTHONPATH as PYTHONPATH, we found version $INSTALLED_REQUESTS_VERSION of requests, but expected $EXPECTED_REQUESTS_VERSION"
+    exit 1
+} else {
+    write-host "Using $FOUND_PYTHONPATH as PYTHONPATH, we found version $INSTALLED_REQUESTS_VERSION of requests, which was expected"
+}
--- a/python-setup/tests/check_requests.sh
+++ b/python-setup/tests/check_requests.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+set -e
+
+SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+
+EXPECTED_PYTHON_VERSION=$1
+EXPECTED_REQUESTS_VERSION=$2
+
+FOUND_PYTHON_VERSION="$LGTM_PYTHON_SETUP_VERSION"
+FOUND_PYTHONPATH="$LGTM_INDEX_IMPORT_PATH"
+
+echo "FOUND_PYTHON_VERSION=${FOUND_PYTHON_VERSION} FOUND_PYTHONPATH=${FOUND_PYTHONPATH} "
+
+if [[ $FOUND_PYTHON_VERSION != $EXPECTED_PYTHON_VERSION ]]; then
+    echo "Script told us to use Python ${FOUND_PYTHON_VERSION}, but expected ${EXPECTED_PYTHON_VERSION}"
+    exit 1
+else
+    echo "Script told us to use Python ${FOUND_PYTHON_VERSION}, which was expected"
+fi
+
+PYTHON_EXE="python${EXPECTED_PYTHON_VERSION}"
+
+INSTALLED_REQUESTS_VERSION=$(PYTHONPATH="${FOUND_PYTHONPATH}" "${PYTHON_EXE}" -c 'import requests; print(requests.__version__)')
+
+if [[ "$INSTALLED_REQUESTS_VERSION" != "$EXPECTED_REQUESTS_VERSION" ]]; then
+    echo "Using ${FOUND_PYTHONPATH} as PYTHONPATH, we found version $INSTALLED_REQUESTS_VERSION of requests, but expected $EXPECTED_REQUESTS_VERSION"
+    exit 1
+else
+    echo "Using ${FOUND_PYTHONPATH} as PYTHONPATH, we found version $INSTALLED_REQUESTS_VERSION of requests, which was expected"
+fi
--- a/python-setup/tests/check_requests_2_26_0.ps1
+++ b/python-setup/tests/check_requests_2_26_0.ps1
@@ -1,28 +0,0 @@
-#! /usr/bin/pwsh
-
-$EXPECTED_VERSION=$args[0]
-
-$FOUND_VERSION="$Env:LGTM_PYTHON_SETUP_VERSION"
-$FOUND_PYTHONPATH="$Env:LGTM_INDEX_IMPORT_PATH"
-
-write-host "FOUND_VERSION=$FOUND_VERSION FOUND_PYTHONPATH=$FOUND_PYTHONPATH "
-
-if ($FOUND_VERSION -ne $EXPECTED_VERSION) {
-    write-host "Script told us to use Python $FOUND_VERSION, but expected $EXPECTED_VERSION"
-    exit 1
-} else {
-    write-host "Script told us to use Python $FOUND_VERSION, which was expected"
-}
-
-$env:PYTHONPATH=$FOUND_PYTHONPATH
-
-$INSTALLED_REQUESTS_VERSION = (py -3 -c "import requests; print(requests.__version__)")
-
-$EXPECTED_REQUESTS="2.26.0"
-
-if ($INSTALLED_REQUESTS_VERSION -ne $EXPECTED_REQUESTS) {
-    write-host "Using $FOUND_PYTHONPATH as PYTHONPATH, we found version $INSTALLED_REQUESTS_VERSION of requests, but expected $EXPECTED_REQUESTS"
-    exit 1
-} else {
-    write-host "Using $FOUND_PYTHONPATH as PYTHONPATH, we found version $INSTALLED_REQUESTS_VERSION of requests, which was expected"
-}
--- a/python-setup/tests/check_requests_2_26_0.sh
+++ b/python-setup/tests/check_requests_2_26_0.sh
@@ -1,32 +0,0 @@
-#!/bin/bash
-
-set -e
-
-SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
-
-EXPECTED_VERSION=$1
-
-FOUND_VERSION="$LGTM_PYTHON_SETUP_VERSION"
-FOUND_PYTHONPATH="$LGTM_INDEX_IMPORT_PATH"
-
-echo "FOUND_VERSION=${FOUND_VERSION} FOUND_PYTHONPATH=${FOUND_PYTHONPATH} "
-
-if [[ $FOUND_VERSION != $EXPECTED_VERSION ]]; then
-    echo "Script told us to use Python ${FOUND_VERSION}, but expected ${EXPECTED_VERSION}"
-    exit 1
-else
-    echo "Script told us to use Python ${FOUND_VERSION}, which was expected"
-fi
-
-PYTHON_EXE="python${EXPECTED_VERSION}"
-
-INSTALLED_REQUESTS_VERSION=$(PYTHONPATH="${FOUND_PYTHONPATH}" "${PYTHON_EXE}" -c 'import requests; print(requests.__version__)')
-
-EXPECTED_REQUESTS="2.26.0"
-
-if [[ "$INSTALLED_REQUESTS_VERSION" != "$EXPECTED_REQUESTS" ]]; then
-    echo "Using ${FOUND_PYTHONPATH} as PYTHONPATH, we found version $INSTALLED_REQUESTS_VERSION of requests, but expected $EXPECTED_REQUESTS"
-    exit 1
-else
-    echo "Using ${FOUND_PYTHONPATH} as PYTHONPATH, we found version $INSTALLED_REQUESTS_VERSION of requests, which was expected"
-fi
--- a/python-setup/tests/pipenv/python-3.8/Pipfile.lock
+++ b/python-setup/tests/pipenv/python-3.8/Pipfile.lock
@@ -18,43 +18,116 @@
    "default": {
        "certifi": {
            "hashes": [
-                "sha256:35824b4c3a97115964b408844d64aa14db1cc518f6562e8d7261699d1350a9e3",
-                "sha256:4ad3232f5e926d6718ec31cfc1fcadfde020920e278684144551c91769c7bc18"
+                "sha256:0f0d56dc5a6ad56fd4ba36484d6cc34451e1c6548c61daad8c320169f91eddc7",
+                "sha256:c6c2e98f5c7869efca1f8916fed228dd91539f9f1b444c314c06eef02980c716"
            ],
-            "index": "pypi",
-            "version": "==2022.12.7"
+            "markers": "python_version >= '3.6'",
+            "version": "==2023.5.7"
        },
        "charset-normalizer": {
            "hashes": [
-                "sha256:2857e29ff0d34db842cd7ca3230549d1a697f96ee6d3fb071cfa6c7393832597",
-                "sha256:6881edbebdb17b39b4eaaa821b438bf6eddffb4468cf344f09f89def34a8b1df"
+                "sha256:04afa6387e2b282cf78ff3dbce20f0cc071c12dc8f685bd40960cc68644cfea6",
+                "sha256:04eefcee095f58eaabe6dc3cc2262f3bcd776d2c67005880894f447b3f2cb9c1",
+                "sha256:0be65ccf618c1e7ac9b849c315cc2e8a8751d9cfdaa43027d4f6624bd587ab7e",
+                "sha256:0c95f12b74681e9ae127728f7e5409cbbef9cd914d5896ef238cc779b8152373",
+                "sha256:0ca564606d2caafb0abe6d1b5311c2649e8071eb241b2d64e75a0d0065107e62",
+                "sha256:10c93628d7497c81686e8e5e557aafa78f230cd9e77dd0c40032ef90c18f2230",
+                "sha256:11d117e6c63e8f495412d37e7dc2e2fff09c34b2d09dbe2bee3c6229577818be",
+                "sha256:11d3bcb7be35e7b1bba2c23beedac81ee893ac9871d0ba79effc7fc01167db6c",
+                "sha256:12a2b561af122e3d94cdb97fe6fb2bb2b82cef0cdca131646fdb940a1eda04f0",
+                "sha256:12d1a39aa6b8c6f6248bb54550efcc1c38ce0d8096a146638fd4738e42284448",
+                "sha256:1435ae15108b1cb6fffbcea2af3d468683b7afed0169ad718451f8db5d1aff6f",
+                "sha256:1c60b9c202d00052183c9be85e5eaf18a4ada0a47d188a83c8f5c5b23252f649",
+                "sha256:1e8fcdd8f672a1c4fc8d0bd3a2b576b152d2a349782d1eb0f6b8e52e9954731d",
+                "sha256:20064ead0717cf9a73a6d1e779b23d149b53daf971169289ed2ed43a71e8d3b0",
+                "sha256:21fa558996782fc226b529fdd2ed7866c2c6ec91cee82735c98a197fae39f706",
+                "sha256:22908891a380d50738e1f978667536f6c6b526a2064156203d418f4856d6e86a",
+                "sha256:3160a0fd9754aab7d47f95a6b63ab355388d890163eb03b2d2b87ab0a30cfa59",
+                "sha256:322102cdf1ab682ecc7d9b1c5eed4ec59657a65e1c146a0da342b78f4112db23",
+                "sha256:34e0a2f9c370eb95597aae63bf85eb5e96826d81e3dcf88b8886012906f509b5",
+                "sha256:3573d376454d956553c356df45bb824262c397c6e26ce43e8203c4c540ee0acb",
+                "sha256:3747443b6a904001473370d7810aa19c3a180ccd52a7157aacc264a5ac79265e",
+                "sha256:38e812a197bf8e71a59fe55b757a84c1f946d0ac114acafaafaf21667a7e169e",
+                "sha256:3a06f32c9634a8705f4ca9946d667609f52cf130d5548881401f1eb2c39b1e2c",
+                "sha256:3a5fc78f9e3f501a1614a98f7c54d3969f3ad9bba8ba3d9b438c3bc5d047dd28",
+                "sha256:3d9098b479e78c85080c98e1e35ff40b4a31d8953102bb0fd7d1b6f8a2111a3d",
+                "sha256:3dc5b6a8ecfdc5748a7e429782598e4f17ef378e3e272eeb1340ea57c9109f41",
+                "sha256:4155b51ae05ed47199dc5b2a4e62abccb274cee6b01da5b895099b61b1982974",
+                "sha256:49919f8400b5e49e961f320c735388ee686a62327e773fa5b3ce6721f7e785ce",
+                "sha256:53d0a3fa5f8af98a1e261de6a3943ca631c526635eb5817a87a59d9a57ebf48f",
+                "sha256:5f008525e02908b20e04707a4f704cd286d94718f48bb33edddc7d7b584dddc1",
+                "sha256:628c985afb2c7d27a4800bfb609e03985aaecb42f955049957814e0491d4006d",
+                "sha256:65ed923f84a6844de5fd29726b888e58c62820e0769b76565480e1fdc3d062f8",
+                "sha256:6734e606355834f13445b6adc38b53c0fd45f1a56a9ba06c2058f86893ae8017",
+                "sha256:6baf0baf0d5d265fa7944feb9f7451cc316bfe30e8df1a61b1bb08577c554f31",
+                "sha256:6f4f4668e1831850ebcc2fd0b1cd11721947b6dc7c00bf1c6bd3c929ae14f2c7",
+                "sha256:6f5c2e7bc8a4bf7c426599765b1bd33217ec84023033672c1e9a8b35eaeaaaf8",
+                "sha256:6f6c7a8a57e9405cad7485f4c9d3172ae486cfef1344b5ddd8e5239582d7355e",
+                "sha256:7381c66e0561c5757ffe616af869b916c8b4e42b367ab29fedc98481d1e74e14",
+                "sha256:73dc03a6a7e30b7edc5b01b601e53e7fc924b04e1835e8e407c12c037e81adbd",
+                "sha256:74db0052d985cf37fa111828d0dd230776ac99c740e1a758ad99094be4f1803d",
+                "sha256:75f2568b4189dda1c567339b48cba4ac7384accb9c2a7ed655cd86b04055c795",
+                "sha256:78cacd03e79d009d95635e7d6ff12c21eb89b894c354bd2b2ed0b4763373693b",
+                "sha256:80d1543d58bd3d6c271b66abf454d437a438dff01c3e62fdbcd68f2a11310d4b",
+                "sha256:830d2948a5ec37c386d3170c483063798d7879037492540f10a475e3fd6f244b",
+                "sha256:891cf9b48776b5c61c700b55a598621fdb7b1e301a550365571e9624f270c203",
+                "sha256:8f25e17ab3039b05f762b0a55ae0b3632b2e073d9c8fc88e89aca31a6198e88f",
+                "sha256:9a3267620866c9d17b959a84dd0bd2d45719b817245e49371ead79ed4f710d19",
+                "sha256:a04f86f41a8916fe45ac5024ec477f41f886b3c435da2d4e3d2709b22ab02af1",
+                "sha256:aaf53a6cebad0eae578f062c7d462155eada9c172bd8c4d250b8c1d8eb7f916a",
+                "sha256:abc1185d79f47c0a7aaf7e2412a0eb2c03b724581139193d2d82b3ad8cbb00ac",
+                "sha256:ac0aa6cd53ab9a31d397f8303f92c42f534693528fafbdb997c82bae6e477ad9",
+                "sha256:ac3775e3311661d4adace3697a52ac0bab17edd166087d493b52d4f4f553f9f0",
+                "sha256:b06f0d3bf045158d2fb8837c5785fe9ff9b8c93358be64461a1089f5da983137",
+                "sha256:b116502087ce8a6b7a5f1814568ccbd0e9f6cfd99948aa59b0e241dc57cf739f",
+                "sha256:b82fab78e0b1329e183a65260581de4375f619167478dddab510c6c6fb04d9b6",
+                "sha256:bd7163182133c0c7701b25e604cf1611c0d87712e56e88e7ee5d72deab3e76b5",
+                "sha256:c36bcbc0d5174a80d6cccf43a0ecaca44e81d25be4b7f90f0ed7bcfbb5a00909",
+                "sha256:c3af8e0f07399d3176b179f2e2634c3ce9c1301379a6b8c9c9aeecd481da494f",
+                "sha256:c84132a54c750fda57729d1e2599bb598f5fa0344085dbde5003ba429a4798c0",
+                "sha256:cb7b2ab0188829593b9de646545175547a70d9a6e2b63bf2cd87a0a391599324",
+                "sha256:cca4def576f47a09a943666b8f829606bcb17e2bc2d5911a46c8f8da45f56755",
+                "sha256:cf6511efa4801b9b38dc5546d7547d5b5c6ef4b081c60b23e4d941d0eba9cbeb",
+                "sha256:d16fd5252f883eb074ca55cb622bc0bee49b979ae4e8639fff6ca3ff44f9f854",
+                "sha256:d2686f91611f9e17f4548dbf050e75b079bbc2a82be565832bc8ea9047b61c8c",
+                "sha256:d7fc3fca01da18fbabe4625d64bb612b533533ed10045a2ac3dd194bfa656b60",
+                "sha256:dd5653e67b149503c68c4018bf07e42eeed6b4e956b24c00ccdf93ac79cdff84",
+                "sha256:de5695a6f1d8340b12a5d6d4484290ee74d61e467c39ff03b39e30df62cf83a0",
+                "sha256:e0ac8959c929593fee38da1c2b64ee9778733cdf03c482c9ff1d508b6b593b2b",
+                "sha256:e1b25e3ad6c909f398df8921780d6a3d120d8c09466720226fc621605b6f92b1",
+                "sha256:e633940f28c1e913615fd624fcdd72fdba807bf53ea6925d6a588e84e1151531",
+                "sha256:e89df2958e5159b811af9ff0f92614dabf4ff617c03a4c1c6ff53bf1c399e0e1",
+                "sha256:ea9f9c6034ea2d93d9147818f17c2a0860d41b71c38b9ce4d55f21b6f9165a11",
+                "sha256:f645caaf0008bacf349875a974220f1f1da349c5dbe7c4ec93048cdc785a3326",
+                "sha256:f8303414c7b03f794347ad062c0516cee0e15f7a612abd0ce1e25caf6ceb47df",
+                "sha256:fca62a8301b605b954ad2e9c3666f9d97f63872aa4efcae5492baca2056b74ab"
            ],
-            "markers": "python_version >= '3'",
-            "version": "==2.0.12"
+            "markers": "python_full_version >= '3.7.0'",
+            "version": "==3.1.0"
        },
        "idna": {
            "hashes": [
                "sha256:814f528e8dead7d329833b91c5faa87d60bf71824cd12a7530b5526063d02cb4",
                "sha256:90b77e79eaa3eba6de819a0c442c0b4ceefc341a7a2ab77d7562bf49f425c5c2"
            ],
-            "markers": "python_version >= '3'",
+            "markers": "python_version >= '3.5'",
            "version": "==3.4"
        },
        "requests": {
            "hashes": [
-                "sha256:6c1246513ecd5ecd4528a0906f910e8f0f9c6b8ec72030dc9fd154dc1a6efd24",
-                "sha256:b8aa58f8cf793ffd8782d3d8cb19e66ef36f7aba4353eec859e74678b01b07a7"
+                "sha256:58cd2187c01e70e6e26505bca751777aa9f2ee0b7f4300988b709f44e013003f",
+                "sha256:942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1"
            ],
            "index": "pypi",
-            "version": "==2.26.0"
+            "version": "==2.31.0"
        },
        "urllib3": {
            "hashes": [
-                "sha256:47cc05d99aaa09c9e72ed5809b60e7ba354e64b59c9c173ac3018642d8bb41fc",
-                "sha256:c083dd0dce68dbfbe1129d5271cb90f9447dea7d52097c6e0126120c521ddea8"
+                "sha256:61717a1095d7e155cdb737ac7bb2f4324a858a1e2e6466f6d03ff630ca68d3cc",
+                "sha256:d055c2f9d38dc53c808f6fdc8eab7360b6fdbbde02340ed25cfbcd817c62469e"
            ],
-            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'",
-            "version": "==1.26.13"
+            "markers": "python_version >= '3.7'",
+            "version": "==2.0.2"
        }
    },
    "develop": {}
--- a/python-setup/tests/pipenv/requests-3/Pipfile.lock
+++ b/python-setup/tests/pipenv/requests-3/Pipfile.lock
@@ -16,43 +16,116 @@
    "default": {
        "certifi": {
            "hashes": [
-                "sha256:35824b4c3a97115964b408844d64aa14db1cc518f6562e8d7261699d1350a9e3",
-                "sha256:4ad3232f5e926d6718ec31cfc1fcadfde020920e278684144551c91769c7bc18"
+                "sha256:0f0d56dc5a6ad56fd4ba36484d6cc34451e1c6548c61daad8c320169f91eddc7",
+                "sha256:c6c2e98f5c7869efca1f8916fed228dd91539f9f1b444c314c06eef02980c716"
            ],
-            "index": "pypi",
-            "version": "==2022.12.7"
+            "markers": "python_version >= '3.6'",
+            "version": "==2023.5.7"
        },
        "charset-normalizer": {
            "hashes": [
-                "sha256:2857e29ff0d34db842cd7ca3230549d1a697f96ee6d3fb071cfa6c7393832597",
-                "sha256:6881edbebdb17b39b4eaaa821b438bf6eddffb4468cf344f09f89def34a8b1df"
+                "sha256:04afa6387e2b282cf78ff3dbce20f0cc071c12dc8f685bd40960cc68644cfea6",
+                "sha256:04eefcee095f58eaabe6dc3cc2262f3bcd776d2c67005880894f447b3f2cb9c1",
+                "sha256:0be65ccf618c1e7ac9b849c315cc2e8a8751d9cfdaa43027d4f6624bd587ab7e",
+                "sha256:0c95f12b74681e9ae127728f7e5409cbbef9cd914d5896ef238cc779b8152373",
+                "sha256:0ca564606d2caafb0abe6d1b5311c2649e8071eb241b2d64e75a0d0065107e62",
+                "sha256:10c93628d7497c81686e8e5e557aafa78f230cd9e77dd0c40032ef90c18f2230",
+                "sha256:11d117e6c63e8f495412d37e7dc2e2fff09c34b2d09dbe2bee3c6229577818be",
+                "sha256:11d3bcb7be35e7b1bba2c23beedac81ee893ac9871d0ba79effc7fc01167db6c",
+                "sha256:12a2b561af122e3d94cdb97fe6fb2bb2b82cef0cdca131646fdb940a1eda04f0",
+                "sha256:12d1a39aa6b8c6f6248bb54550efcc1c38ce0d8096a146638fd4738e42284448",
+                "sha256:1435ae15108b1cb6fffbcea2af3d468683b7afed0169ad718451f8db5d1aff6f",
+                "sha256:1c60b9c202d00052183c9be85e5eaf18a4ada0a47d188a83c8f5c5b23252f649",
+                "sha256:1e8fcdd8f672a1c4fc8d0bd3a2b576b152d2a349782d1eb0f6b8e52e9954731d",
+                "sha256:20064ead0717cf9a73a6d1e779b23d149b53daf971169289ed2ed43a71e8d3b0",
+                "sha256:21fa558996782fc226b529fdd2ed7866c2c6ec91cee82735c98a197fae39f706",
+                "sha256:22908891a380d50738e1f978667536f6c6b526a2064156203d418f4856d6e86a",
+                "sha256:3160a0fd9754aab7d47f95a6b63ab355388d890163eb03b2d2b87ab0a30cfa59",
+                "sha256:322102cdf1ab682ecc7d9b1c5eed4ec59657a65e1c146a0da342b78f4112db23",
+                "sha256:34e0a2f9c370eb95597aae63bf85eb5e96826d81e3dcf88b8886012906f509b5",
+                "sha256:3573d376454d956553c356df45bb824262c397c6e26ce43e8203c4c540ee0acb",
+                "sha256:3747443b6a904001473370d7810aa19c3a180ccd52a7157aacc264a5ac79265e",
+                "sha256:38e812a197bf8e71a59fe55b757a84c1f946d0ac114acafaafaf21667a7e169e",
+                "sha256:3a06f32c9634a8705f4ca9946d667609f52cf130d5548881401f1eb2c39b1e2c",
+                "sha256:3a5fc78f9e3f501a1614a98f7c54d3969f3ad9bba8ba3d9b438c3bc5d047dd28",
+                "sha256:3d9098b479e78c85080c98e1e35ff40b4a31d8953102bb0fd7d1b6f8a2111a3d",
+                "sha256:3dc5b6a8ecfdc5748a7e429782598e4f17ef378e3e272eeb1340ea57c9109f41",
+                "sha256:4155b51ae05ed47199dc5b2a4e62abccb274cee6b01da5b895099b61b1982974",
+                "sha256:49919f8400b5e49e961f320c735388ee686a62327e773fa5b3ce6721f7e785ce",
+                "sha256:53d0a3fa5f8af98a1e261de6a3943ca631c526635eb5817a87a59d9a57ebf48f",
+                "sha256:5f008525e02908b20e04707a4f704cd286d94718f48bb33edddc7d7b584dddc1",
+                "sha256:628c985afb2c7d27a4800bfb609e03985aaecb42f955049957814e0491d4006d",
+                "sha256:65ed923f84a6844de5fd29726b888e58c62820e0769b76565480e1fdc3d062f8",
+                "sha256:6734e606355834f13445b6adc38b53c0fd45f1a56a9ba06c2058f86893ae8017",
+                "sha256:6baf0baf0d5d265fa7944feb9f7451cc316bfe30e8df1a61b1bb08577c554f31",
+                "sha256:6f4f4668e1831850ebcc2fd0b1cd11721947b6dc7c00bf1c6bd3c929ae14f2c7",
+                "sha256:6f5c2e7bc8a4bf7c426599765b1bd33217ec84023033672c1e9a8b35eaeaaaf8",
+                "sha256:6f6c7a8a57e9405cad7485f4c9d3172ae486cfef1344b5ddd8e5239582d7355e",
+                "sha256:7381c66e0561c5757ffe616af869b916c8b4e42b367ab29fedc98481d1e74e14",
+                "sha256:73dc03a6a7e30b7edc5b01b601e53e7fc924b04e1835e8e407c12c037e81adbd",
+                "sha256:74db0052d985cf37fa111828d0dd230776ac99c740e1a758ad99094be4f1803d",
+                "sha256:75f2568b4189dda1c567339b48cba4ac7384accb9c2a7ed655cd86b04055c795",
+                "sha256:78cacd03e79d009d95635e7d6ff12c21eb89b894c354bd2b2ed0b4763373693b",
+                "sha256:80d1543d58bd3d6c271b66abf454d437a438dff01c3e62fdbcd68f2a11310d4b",
+                "sha256:830d2948a5ec37c386d3170c483063798d7879037492540f10a475e3fd6f244b",
+                "sha256:891cf9b48776b5c61c700b55a598621fdb7b1e301a550365571e9624f270c203",
+                "sha256:8f25e17ab3039b05f762b0a55ae0b3632b2e073d9c8fc88e89aca31a6198e88f",
+                "sha256:9a3267620866c9d17b959a84dd0bd2d45719b817245e49371ead79ed4f710d19",
+                "sha256:a04f86f41a8916fe45ac5024ec477f41f886b3c435da2d4e3d2709b22ab02af1",
+                "sha256:aaf53a6cebad0eae578f062c7d462155eada9c172bd8c4d250b8c1d8eb7f916a",
+                "sha256:abc1185d79f47c0a7aaf7e2412a0eb2c03b724581139193d2d82b3ad8cbb00ac",
+                "sha256:ac0aa6cd53ab9a31d397f8303f92c42f534693528fafbdb997c82bae6e477ad9",
+                "sha256:ac3775e3311661d4adace3697a52ac0bab17edd166087d493b52d4f4f553f9f0",
+                "sha256:b06f0d3bf045158d2fb8837c5785fe9ff9b8c93358be64461a1089f5da983137",
+                "sha256:b116502087ce8a6b7a5f1814568ccbd0e9f6cfd99948aa59b0e241dc57cf739f",
+                "sha256:b82fab78e0b1329e183a65260581de4375f619167478dddab510c6c6fb04d9b6",
+                "sha256:bd7163182133c0c7701b25e604cf1611c0d87712e56e88e7ee5d72deab3e76b5",
+                "sha256:c36bcbc0d5174a80d6cccf43a0ecaca44e81d25be4b7f90f0ed7bcfbb5a00909",
+                "sha256:c3af8e0f07399d3176b179f2e2634c3ce9c1301379a6b8c9c9aeecd481da494f",
+                "sha256:c84132a54c750fda57729d1e2599bb598f5fa0344085dbde5003ba429a4798c0",
+                "sha256:cb7b2ab0188829593b9de646545175547a70d9a6e2b63bf2cd87a0a391599324",
+                "sha256:cca4def576f47a09a943666b8f829606bcb17e2bc2d5911a46c8f8da45f56755",
+                "sha256:cf6511efa4801b9b38dc5546d7547d5b5c6ef4b081c60b23e4d941d0eba9cbeb",
+                "sha256:d16fd5252f883eb074ca55cb622bc0bee49b979ae4e8639fff6ca3ff44f9f854",
+                "sha256:d2686f91611f9e17f4548dbf050e75b079bbc2a82be565832bc8ea9047b61c8c",
+                "sha256:d7fc3fca01da18fbabe4625d64bb612b533533ed10045a2ac3dd194bfa656b60",
+                "sha256:dd5653e67b149503c68c4018bf07e42eeed6b4e956b24c00ccdf93ac79cdff84",
+                "sha256:de5695a6f1d8340b12a5d6d4484290ee74d61e467c39ff03b39e30df62cf83a0",
+                "sha256:e0ac8959c929593fee38da1c2b64ee9778733cdf03c482c9ff1d508b6b593b2b",
+                "sha256:e1b25e3ad6c909f398df8921780d6a3d120d8c09466720226fc621605b6f92b1",
+                "sha256:e633940f28c1e913615fd624fcdd72fdba807bf53ea6925d6a588e84e1151531",
+                "sha256:e89df2958e5159b811af9ff0f92614dabf4ff617c03a4c1c6ff53bf1c399e0e1",
+                "sha256:ea9f9c6034ea2d93d9147818f17c2a0860d41b71c38b9ce4d55f21b6f9165a11",
+                "sha256:f645caaf0008bacf349875a974220f1f1da349c5dbe7c4ec93048cdc785a3326",
+                "sha256:f8303414c7b03f794347ad062c0516cee0e15f7a612abd0ce1e25caf6ceb47df",
+                "sha256:fca62a8301b605b954ad2e9c3666f9d97f63872aa4efcae5492baca2056b74ab"
            ],
-            "markers": "python_version >= '3'",
-            "version": "==2.0.12"
+            "markers": "python_full_version >= '3.7.0'",
+            "version": "==3.1.0"
        },
        "idna": {
            "hashes": [
                "sha256:814f528e8dead7d329833b91c5faa87d60bf71824cd12a7530b5526063d02cb4",
                "sha256:90b77e79eaa3eba6de819a0c442c0b4ceefc341a7a2ab77d7562bf49f425c5c2"
            ],
-            "markers": "python_version >= '3'",
+            "markers": "python_version >= '3.5'",
            "version": "==3.4"
        },
        "requests": {
            "hashes": [
-                "sha256:6c1246513ecd5ecd4528a0906f910e8f0f9c6b8ec72030dc9fd154dc1a6efd24",
-                "sha256:b8aa58f8cf793ffd8782d3d8cb19e66ef36f7aba4353eec859e74678b01b07a7"
+                "sha256:58cd2187c01e70e6e26505bca751777aa9f2ee0b7f4300988b709f44e013003f",
+                "sha256:942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1"
            ],
            "index": "pypi",
-            "version": "==2.26.0"
+            "version": "==2.31.0"
        },
        "urllib3": {
            "hashes": [
-                "sha256:47cc05d99aaa09c9e72ed5809b60e7ba354e64b59c9c173ac3018642d8bb41fc",
-                "sha256:c083dd0dce68dbfbe1129d5271cb90f9447dea7d52097c6e0126120c521ddea8"
+                "sha256:61717a1095d7e155cdb737ac7bb2f4324a858a1e2e6466f6d03ff630ca68d3cc",
+                "sha256:d055c2f9d38dc53c808f6fdc8eab7360b6fdbbde02340ed25cfbcd817c62469e"
            ],
-            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'",
-            "version": "==1.26.13"
+            "markers": "python_version >= '3.7'",
+            "version": "==2.0.2"
        }
    },
    "develop": {}
--- a/python-setup/tests/poetry/python-3.8/poetry.lock
+++ b/python-setup/tests/poetry/python-3.8/poetry.lock
@@ -1,3 +1,5 @@
+# This file is automatically @generated by Poetry 1.4.2 and should not be changed by hand.
+
 [[package]]
 name = "certifi"
 version = "2022.12.7"
@@ -5,6 +7,10 @@ description = "Python package for providing Mozilla's CA Bundle."
 category = "main"
 optional = false
 python-versions = ">=3.6"
+files = [
+    {file = "certifi-2022.12.7-py3-none-any.whl", hash = "sha256:4ad3232f5e926d6718ec31cfc1fcadfde020920e278684144551c91769c7bc18"},
+    {file = "certifi-2022.12.7.tar.gz", hash = "sha256:35824b4c3a97115964b408844d64aa14db1cc518f6562e8d7261699d1350a9e3"},
+]

 [[package]]
 name = "charset-normalizer"
@@ -13,6 +19,10 @@ description = "The Real First Universal Charset Detector. Open, modern and activ
 category = "main"
 optional = false
 python-versions = ">=3.5.0"
+files = [
+    {file = "charset-normalizer-2.0.7.tar.gz", hash = "sha256:e019de665e2bcf9c2b64e2e5aa025fa991da8720daa3c1138cadd2fd1856aed0"},
+    {file = "charset_normalizer-2.0.7-py3-none-any.whl", hash = "sha256:f7af805c321bfa1ce6714c51f254e0d5bb5e5834039bc17db7ebe3a4cec9492b"},
+]

 [package.extras]
 unicode-backport = ["unicodedata2"]
@@ -24,24 +34,32 @@ description = "Internationalized Domain Names in Applications (IDNA)"
 category = "main"
 optional = false
 python-versions = ">=3.5"
+files = [
+    {file = "idna-3.3-py3-none-any.whl", hash = "sha256:84d9dd047ffa80596e0f246e2eab0b391788b0503584e8945f2368256d2735ff"},
+    {file = "idna-3.3.tar.gz", hash = "sha256:9d643ff0a55b762d5cdb124b8eaa99c66322e2157b69160bc32796e824360e6d"},
+]

 [[package]]
 name = "requests"
-version = "2.26.0"
+version = "2.31.0"
 description = "Python HTTP for Humans."
 category = "main"
 optional = false
-python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*"
+python-versions = ">=3.7"
+files = [
+    {file = "requests-2.31.0-py3-none-any.whl", hash = "sha256:58cd2187c01e70e6e26505bca751777aa9f2ee0b7f4300988b709f44e013003f"},
+    {file = "requests-2.31.0.tar.gz", hash = "sha256:942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1"},
+]

 [package.dependencies]
 certifi = ">=2017.4.17"
-charset-normalizer = {version = ">=2.0.0,<2.1.0", markers = "python_version >= \"3\""}
-idna = {version = ">=2.5,<4", markers = "python_version >= \"3\""}
-urllib3 = ">=1.21.1,<1.27"
+charset-normalizer = ">=2,<4"
+idna = ">=2.5,<4"
+urllib3 = ">=1.21.1,<3"

 [package.extras]
-socks = ["PySocks (>=1.5.6,!=1.5.7)", "win-inet-pton"]
-use-chardet-on-py3 = ["chardet (>=3.0.2,<5)"]
+socks = ["PySocks (>=1.5.6,!=1.5.7)"]
+use-chardet-on-py3 = ["chardet (>=3.0.2,<6)"]

 [[package]]
 name = "urllib3"
@@ -50,6 +68,10 @@ description = "HTTP library with thread-safe connection pooling, file post, and
 category = "main"
 optional = false
 python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <4"
+files = [
+    {file = "urllib3-1.26.7-py2.py3-none-any.whl", hash = "sha256:c4fdf4019605b6e5423637e01bc9fe4daef873709a7973e195ceba0a62bbc844"},
+    {file = "urllib3-1.26.7.tar.gz", hash = "sha256:4987c65554f7a2dbf30c18fd48778ef124af6fab771a377103da0585e2336ece"},
+]

 [package.extras]
 brotli = ["brotlipy (>=0.6.0)"]
@@ -57,28 +79,6 @@ secure = ["certifi", "cryptography (>=1.3.4)", "idna (>=2.0.0)", "ipaddress", "p
 socks = ["PySocks (>=1.5.6,!=1.5.7,<2.0)"]

 [metadata]
-lock-version = "1.1"
+lock-version = "2.0"
 python-versions = "^3.8"
 content-hash = "fabc9cabf9f18437e7b9ea3dbd1895a5a118239c17b3d097c465a290707e6bfd"
-
-[metadata.files]
-certifi = [
-    {file = "certifi-2022.12.7-py3-none-any.whl", hash = "sha256:4ad3232f5e926d6718ec31cfc1fcadfde020920e278684144551c91769c7bc18"},
-    {file = "certifi-2022.12.7.tar.gz", hash = "sha256:35824b4c3a97115964b408844d64aa14db1cc518f6562e8d7261699d1350a9e3"},
-]
-charset-normalizer = [
-    {file = "charset-normalizer-2.0.7.tar.gz", hash = "sha256:e019de665e2bcf9c2b64e2e5aa025fa991da8720daa3c1138cadd2fd1856aed0"},
-    {file = "charset_normalizer-2.0.7-py3-none-any.whl", hash = "sha256:f7af805c321bfa1ce6714c51f254e0d5bb5e5834039bc17db7ebe3a4cec9492b"},
-]
-idna = [
-    {file = "idna-3.3-py3-none-any.whl", hash = "sha256:84d9dd047ffa80596e0f246e2eab0b391788b0503584e8945f2368256d2735ff"},
-    {file = "idna-3.3.tar.gz", hash = "sha256:9d643ff0a55b762d5cdb124b8eaa99c66322e2157b69160bc32796e824360e6d"},
-]
-requests = [
-    {file = "requests-2.26.0-py2.py3-none-any.whl", hash = "sha256:6c1246513ecd5ecd4528a0906f910e8f0f9c6b8ec72030dc9fd154dc1a6efd24"},
-    {file = "requests-2.26.0.tar.gz", hash = "sha256:b8aa58f8cf793ffd8782d3d8cb19e66ef36f7aba4353eec859e74678b01b07a7"},
-]
-urllib3 = [
-    {file = "urllib3-1.26.7-py2.py3-none-any.whl", hash = "sha256:c4fdf4019605b6e5423637e01bc9fe4daef873709a7973e195ceba0a62bbc844"},
-    {file = "urllib3-1.26.7.tar.gz", hash = "sha256:4987c65554f7a2dbf30c18fd48778ef124af6fab771a377103da0585e2336ece"},
-]
--- a/python-setup/tests/poetry/requests-3/poetry.lock
+++ b/python-setup/tests/poetry/requests-3/poetry.lock
@@ -1,3 +1,5 @@
+# This file is automatically @generated by Poetry 1.4.2 and should not be changed by hand.
+
 [[package]]
 name = "certifi"
 version = "2022.12.7"
@@ -5,6 +7,10 @@ description = "Python package for providing Mozilla's CA Bundle."
 category = "main"
 optional = false
 python-versions = ">=3.6"
+files = [
+    {file = "certifi-2022.12.7-py3-none-any.whl", hash = "sha256:4ad3232f5e926d6718ec31cfc1fcadfde020920e278684144551c91769c7bc18"},
+    {file = "certifi-2022.12.7.tar.gz", hash = "sha256:35824b4c3a97115964b408844d64aa14db1cc518f6562e8d7261699d1350a9e3"},
+]

 [[package]]
 name = "charset-normalizer"
@@ -13,6 +19,10 @@ description = "The Real First Universal Charset Detector. Open, modern and activ
 category = "main"
 optional = false
 python-versions = ">=3.5.0"
+files = [
+    {file = "charset-normalizer-2.0.7.tar.gz", hash = "sha256:e019de665e2bcf9c2b64e2e5aa025fa991da8720daa3c1138cadd2fd1856aed0"},
+    {file = "charset_normalizer-2.0.7-py3-none-any.whl", hash = "sha256:f7af805c321bfa1ce6714c51f254e0d5bb5e5834039bc17db7ebe3a4cec9492b"},
+]

 [package.extras]
 unicode-backport = ["unicodedata2"]
@@ -24,24 +34,32 @@ description = "Internationalized Domain Names in Applications (IDNA)"
 category = "main"
 optional = false
 python-versions = ">=3.5"
+files = [
+    {file = "idna-3.3-py3-none-any.whl", hash = "sha256:84d9dd047ffa80596e0f246e2eab0b391788b0503584e8945f2368256d2735ff"},
+    {file = "idna-3.3.tar.gz", hash = "sha256:9d643ff0a55b762d5cdb124b8eaa99c66322e2157b69160bc32796e824360e6d"},
+]

 [[package]]
 name = "requests"
-version = "2.26.0"
+version = "2.31.0"
 description = "Python HTTP for Humans."
 category = "main"
 optional = false
-python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*"
+python-versions = ">=3.7"
+files = [
+    {file = "requests-2.31.0-py3-none-any.whl", hash = "sha256:58cd2187c01e70e6e26505bca751777aa9f2ee0b7f4300988b709f44e013003f"},
+    {file = "requests-2.31.0.tar.gz", hash = "sha256:942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1"},
+]

 [package.dependencies]
 certifi = ">=2017.4.17"
-charset-normalizer = {version = ">=2.0.0,<2.1.0", markers = "python_version >= \"3\""}
-idna = {version = ">=2.5,<4", markers = "python_version >= \"3\""}
-urllib3 = ">=1.21.1,<1.27"
+charset-normalizer = ">=2,<4"
+idna = ">=2.5,<4"
+urllib3 = ">=1.21.1,<3"

 [package.extras]
-socks = ["PySocks (>=1.5.6,!=1.5.7)", "win-inet-pton"]
-use-chardet-on-py3 = ["chardet (>=3.0.2,<5)"]
+socks = ["PySocks (>=1.5.6,!=1.5.7)"]
+use-chardet-on-py3 = ["chardet (>=3.0.2,<6)"]

 [[package]]
 name = "urllib3"
@@ -50,6 +68,10 @@ description = "HTTP library with thread-safe connection pooling, file post, and
 category = "main"
 optional = false
 python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <4"
+files = [
+    {file = "urllib3-1.26.7-py2.py3-none-any.whl", hash = "sha256:c4fdf4019605b6e5423637e01bc9fe4daef873709a7973e195ceba0a62bbc844"},
+    {file = "urllib3-1.26.7.tar.gz", hash = "sha256:4987c65554f7a2dbf30c18fd48778ef124af6fab771a377103da0585e2336ece"},
+]

 [package.extras]
 brotli = ["brotlipy (>=0.6.0)"]
@@ -57,28 +79,6 @@ secure = ["certifi", "cryptography (>=1.3.4)", "idna (>=2.0.0)", "ipaddress", "p
 socks = ["PySocks (>=1.5.6,!=1.5.7,<2.0)"]

 [metadata]
-lock-version = "1.1"
-python-versions = "^3.6"
-content-hash = "3186fede9fea5b617c0bcebda3034f2d889a3c4579d60dd45945772895a28b7d"
-
-[metadata.files]
-certifi = [
-    {file = "certifi-2022.12.7-py3-none-any.whl", hash = "sha256:4ad3232f5e926d6718ec31cfc1fcadfde020920e278684144551c91769c7bc18"},
-    {file = "certifi-2022.12.7.tar.gz", hash = "sha256:35824b4c3a97115964b408844d64aa14db1cc518f6562e8d7261699d1350a9e3"},
-]
-charset-normalizer = [
-    {file = "charset-normalizer-2.0.7.tar.gz", hash = "sha256:e019de665e2bcf9c2b64e2e5aa025fa991da8720daa3c1138cadd2fd1856aed0"},
-    {file = "charset_normalizer-2.0.7-py3-none-any.whl", hash = "sha256:f7af805c321bfa1ce6714c51f254e0d5bb5e5834039bc17db7ebe3a4cec9492b"},
-]
-idna = [
-    {file = "idna-3.3-py3-none-any.whl", hash = "sha256:84d9dd047ffa80596e0f246e2eab0b391788b0503584e8945f2368256d2735ff"},
-    {file = "idna-3.3.tar.gz", hash = "sha256:9d643ff0a55b762d5cdb124b8eaa99c66322e2157b69160bc32796e824360e6d"},
-]
-requests = [
-    {file = "requests-2.26.0-py2.py3-none-any.whl", hash = "sha256:6c1246513ecd5ecd4528a0906f910e8f0f9c6b8ec72030dc9fd154dc1a6efd24"},
-    {file = "requests-2.26.0.tar.gz", hash = "sha256:b8aa58f8cf793ffd8782d3d8cb19e66ef36f7aba4353eec859e74678b01b07a7"},
-]
-urllib3 = [
-    {file = "urllib3-1.26.7-py2.py3-none-any.whl", hash = "sha256:c4fdf4019605b6e5423637e01bc9fe4daef873709a7973e195ceba0a62bbc844"},
-    {file = "urllib3-1.26.7.tar.gz", hash = "sha256:4987c65554f7a2dbf30c18fd48778ef124af6fab771a377103da0585e2336ece"},
-]
+lock-version = "2.0"
+python-versions = "^3.7"
+content-hash = "05ba07023dd383fd84c8e4945f1eae1aac30917ad1e4c10fb03e8235fcf3c248"
--- a/python-setup/tests/poetry/requests-3/pyproject.toml
+++ b/python-setup/tests/poetry/requests-3/pyproject.toml
@@ -5,7 +5,7 @@ description = ""
 authors = ["Your Name <you@example.com>"]

 [tool.poetry.dependencies]
-python = "^3.6"
+python = "^3.7"
 requests = "*"

 [tool.poetry.dev-dependencies]
--- a/python-setup/tests/requirements/non-standard-location/non-standard/requirements.txt
+++ b/python-setup/tests/requirements/non-standard-location/non-standard/requirements.txt
@@ -1 +1 @@
-requests==2.26.0
+requests==2.31.0
--- a/python-setup/tests/requirements/requests-3/requirements.txt
+++ b/python-setup/tests/requirements/requests-3/requirements.txt
@@ -1 +1 @@
-requests==2.26.0
+requests==2.31.0
--- a/python-setup/tests/setup_py/requests-3/setup.py
+++ b/python-setup/tests/setup_py/requests-3/setup.py
@@ -7,6 +7,6 @@ from setuptools import setup

 setup(
    name="example-setup.py",
-    install_requires=["requests==2.26.0"],
+    install_requires=["requests==2.31.0"],
    python_requires='>=3.7',
 )
--- a/queries/codeql-pack.lock.yml
+++ b/queries/codeql-pack.lock.yml
@@ -0,0 +1,14 @@
+---
+lockVersion: 1.0.0
+dependencies:
+  codeql-javascript:
+    version: 0.6.1
+  codeql/regex:
+    version: 0.0.12
+  codeql/tutorial:
+    version: 0.0.9
+  codeql/util:
+    version: 0.0.9
+  codeql/yaml:
+    version: 0.0.1
+compiled: false
--- a/queries/codeql-pack.yml
+++ b/queries/codeql-pack.yml
@@ -1,4 +1,4 @@
 name: codeql-action-custom-queries-javascript
 version: 0.0.0
-libraryPathDependencies: codeql-javascript
-
+dependencies:
+  codeql/javascript-all: 0.6.1
--- a/queries/default-setup-environment-variables.ql
+++ b/queries/default-setup-environment-variables.ql
@@ -0,0 +1,52 @@
+/**
+ * @name Some environment variables may not exist in default setup workflows
+ * @id javascript/codeql-action/default-setup-env-vars
+ * @kind problem
+ * @severity warning
+ */
+
+import javascript
+
+bindingset[envVar]
+predicate isSafeForDefaultSetup(string envVar) {
+  // Ignore internal Code Scanning environment variables
+  envVar.matches("CODE_SCANNING_%") or
+  envVar.matches("CODEQL_%") or
+  envVar.matches("CODESCANNING_%") or
+  envVar.matches("LGTM_%") or
+  // We flag up usage of potentially unsafe parts of the GitHub event in `default-setup-event-context.ql`.
+  envVar = "GITHUB_EVENT_PATH" or
+  // The following environment variables are known to be safe for use with default setup
+  envVar =
+    [
+      "GITHUB_ACTION_REF", "GITHUB_ACTION_REPOSITORY", "GITHUB_ACTOR", "GITHUB_API_URL",
+      "GITHUB_BASE_REF", "GITHUB_EVENT_NAME", "GITHUB_JOB", "GITHUB_RUN_ATTEMPT", "GITHUB_RUN_ID",
+      "GITHUB_SHA", "GITHUB_REPOSITORY", "GITHUB_SERVER_URL", "GITHUB_TOKEN", "GITHUB_WORKFLOW",
+      "GITHUB_WORKSPACE", "GOFLAGS", "JAVA_TOOL_OPTIONS", "RUNNER_ARCH", "RUNNER_NAME", "RUNNER_OS",
+      "RUNNER_TEMP", "RUNNER_TOOL_CACHE"
+    ]
+}
+
+predicate envVarRead(DataFlow::Node node, string envVar) {
+  node =
+    any(DataFlow::PropRead read |
+      read = NodeJSLib::process().getAPropertyRead("env").getAPropertyRead() and
+      envVar = read.getPropertyName()
+    ) or
+  node =
+    any(DataFlow::CallNode call |
+      call.getCalleeName().matches("get%EnvParam") and
+      envVar = call.getArgument(0).getStringValue()
+    )
+}
+
+from DataFlow::Node read, string envVar
+where
+  envVarRead(read, envVar) and
+  not isSafeForDefaultSetup(envVar)
+select read,
+  "The environment variable " + envVar +
+    " may not exist in default setup workflows. If all uses are safe, add it to the list of " +
+    "environment variables that are known to be safe in " +
+    "'queries/default-setup-environment-variables.ql'. If this use is safe but others are not, " +
+    "dismiss this alert as a false positive."
--- a/queries/default-setup-event-context.ql
+++ b/queries/default-setup-event-context.ql
@@ -0,0 +1,58 @@
+/**
+ * @name Some context properties may not exist in default setup workflows
+ * @id javascript/codeql-action/default-setup-context-properties
+ * @kind path-problem
+ * @severity warning
+ */
+
+import javascript
+import DataFlow::PathGraph
+
+class NotParsedLabel extends DataFlow::FlowLabel {
+  NotParsedLabel() { this = "not-parsed" }
+}
+
+class ParsedLabel extends DataFlow::FlowLabel {
+  ParsedLabel() { this = "parsed" }
+}
+
+class EventContextAccessConfiguration extends DataFlow::Configuration {
+  EventContextAccessConfiguration() { this = "EventContextAccessConfiguration" }
+
+  override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel lbl) {
+    source = NodeJSLib::process().getAPropertyRead("env").getAPropertyRead("GITHUB_EVENT_PATH") and
+    lbl instanceof NotParsedLabel
+  }
+
+  override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel lbl) {
+    sink instanceof DataFlow::PropRead and
+    lbl instanceof ParsedLabel and
+    not exists(DataFlow::PropRead n | sink = n.getBase()) and
+    not sink.asExpr().getFile().getBaseName().matches("%.test.ts")
+  }
+
+  override predicate isAdditionalFlowStep(
+    DataFlow::Node src, DataFlow::Node trg, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl
+  ) {
+    src = trg.(FileSystemReadAccess).getAPathArgument() and inlbl = outlbl
+    or
+    exists(JsonParserCall c |
+      src = c.getInput() and
+      trg = c.getOutput() and
+      inlbl instanceof NotParsedLabel and
+      outlbl instanceof ParsedLabel
+    )
+    or
+    (
+      TaintTracking::sharedTaintStep(src, trg) or
+      DataFlow::SharedFlowStep::step(src, trg) or
+      DataFlow::SharedFlowStep::step(src, trg, _, _)
+    ) and
+    inlbl = outlbl
+  }
+}
+
+from EventContextAccessConfiguration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasFlowPath(source, sink)
+select sink.getNode(), source, sink,
+  "This event context property may not exist in default setup workflows."
--- a/queries/inconsistent-action-input.ql
+++ b/queries/inconsistent-action-input.ql
@@ -4,7 +4,7 @@
 *   must be defined in an identical way to avoid confusion for the user.
 *   This also makes writing queries like required-action-input.ql easier.
 * @kind problem
- * @problem.severity error
+ * @severity error
 * @id javascript/codeql-action/inconsistent-action-input
 */

@@ -15,7 +15,9 @@ import javascript
 */
 class ActionDeclaration extends File {
  ActionDeclaration() {
-    getRelativePath().matches("%/action.yml")
+    getRelativePath().matches("%/action.yml") and
+    // Ignore internal Actions
+    not getRelativePath().matches(".github/actions/%")
  }

  /**
@@ -25,19 +27,19 @@ class ActionDeclaration extends File {
    result = getRelativePath().regexpCapture("(.*)/action.yml", 1)
  }

-  YAMLDocument getRootNode() {
+  YamlDocument getRootNode() {
    result.getFile() = this
  }

-  YAMLValue getInput(string inputName) {
-    result = getRootNode().(YAMLMapping).lookup("inputs").(YAMLMapping).lookup(inputName)
+  YamlValue getInput(string inputName) {
+    result = getRootNode().(YamlMapping).lookup("inputs").(YamlMapping).lookup(inputName)
  }
 }

-predicate areNotEquivalent(YAMLValue x, YAMLValue y) {
+predicate areNotEquivalent(YamlValue x, YamlValue y) {
  x.getTag() != y.getTag()
  or
-  x.(YAMLScalar).getValue() != y.(YAMLScalar).getValue()
+  x.(YamlScalar).getValue() != y.(YamlScalar).getValue()
  or
  x.getNumChild() != y.getNumChild()
  or
--- a/src/actions-util.test.ts
+++ b/src/actions-util.test.ts
@@ -214,6 +214,7 @@ test("initializeEnvironment", (t) => {
 });

 test("isAnalyzingDefaultBranch()", async (t) => {
+  process.env["GITHUB_EVENT_NAME"] = "push";
  process.env["CODE_SCANNING_IS_ANALYZING_DEFAULT_BRANCH"] = "true";
  t.deepEqual(await actionsutil.isAnalyzingDefaultBranch(), true);
  process.env["CODE_SCANNING_IS_ANALYZING_DEFAULT_BRANCH"] = "false";
@@ -264,14 +265,3 @@ test("isAnalyzingDefaultBranch()", async (t) => {
    getAdditionalInputStub.restore();
  });
 });
-
-test("workflowEventName()", async (t) => {
-  process.env["GITHUB_EVENT_NAME"] = "push";
-  t.deepEqual(actionsutil.workflowEventName(), "push");
-
-  process.env["GITHUB_EVENT_NAME"] = "dynamic";
-  t.deepEqual(actionsutil.workflowEventName(), "dynamic");
-
-  process.env["CODESCANNING_EVENT_NAME"] = "push";
-  t.deepEqual(actionsutil.workflowEventName(), "push");
-});
--- a/src/actions-util.ts
+++ b/src/actions-util.ts
@@ -108,7 +108,7 @@ export const getCommitOid = async function (
 export const determineMergeBaseCommitOid = async function (): Promise<
  string | undefined
 > {
-  if (workflowEventName() !== "pull_request") {
+  if (getWorkflowEventName() !== "pull_request") {
    return undefined;
  }

@@ -168,7 +168,7 @@ export const determineMergeBaseCommitOid = async function (): Promise<
 *
 * This will combine the workflow path and current job name.
 * Computing this the first time requires making requests to
- * the github API, but after that the result will be cached.
+ * the GitHub API, but after that the result will be cached.
 */
 export async function getAnalysisKey(): Promise<string> {
  const analysisKeyEnvVar = "CODEQL_ACTION_ANALYSIS_KEY";
@@ -540,7 +540,10 @@ export async function sendStatusReport<S extends StatusReportBase>(
    if (isHTTPError(e)) {
      switch (e.status) {
        case 403:
-          if (workflowIsTriggeredByPushEvent() && isDependabotActor()) {
+          if (
+            getWorkflowEventName() === "push" &&
+            process.env["GITHUB_ACTOR"] === "dependabot[bot]"
+          ) {
            core.setFailed(
              'Workflows triggered by Dependabot on the "push" event run with read-only access. ' +
                "Uploading Code Scanning results requires write access. " +
@@ -576,30 +579,19 @@ export async function sendStatusReport<S extends StatusReportBase>(
  }
 }

-export function workflowEventName() {
-  // If the original event is dynamic CODESCANNING_EVENT_NAME will contain the right info (push/pull_request)
-  if (process.env["GITHUB_EVENT_NAME"] === "dynamic") {
-    const value = process.env["CODESCANNING_EVENT_NAME"];
-    if (value === undefined || value.length === 0) {
-      return process.env["GITHUB_EVENT_NAME"];
-    }
-    return value;
-  }
-  return process.env["GITHUB_EVENT_NAME"];
+/**
+ * Returns the name of the event that triggered this workflow.
+ *
+ * This will be "dynamic" for default setup workflow runs.
+ */
+export function getWorkflowEventName() {
+  return getRequiredEnvParam("GITHUB_EVENT_NAME");
 }

-// Was the workflow run triggered by a `push` event, for example as opposed to a `pull_request` event.
-function workflowIsTriggeredByPushEvent() {
-  return workflowEventName() === "push";
-}
-
-// Is dependabot the actor that triggered the current workflow run.
-function isDependabotActor() {
-  return process.env["GITHUB_ACTOR"] === "dependabot[bot]";
-}
-
-// Is the current action executing a local copy (i.e. we're running a workflow on the codeql-action repo itself)
-// as opposed to running a remote action (i.e. when another repo references us)
+/**
+ * Returns whether the current workflow is executing a local copy of the Action, e.g. we're running
+ * a workflow on the codeql-action repo itself.
+ */
 export function isRunningLocalAction(): boolean {
  const relativeScriptPath = getRelativeScriptPath();
  return (
@@ -607,15 +599,18 @@ export function isRunningLocalAction(): boolean {
  );
 }

-// Get the location where the action is running from.
-// This can be used to get the actions name or tell if we're running a local action.
+/**
+ * Get the location where the Action is running from.
+ *
+ * This can be used to get the Action's name or tell if we're running a local Action.
+ */
 export function getRelativeScriptPath(): string {
  const runnerTemp = getRequiredEnvParam("RUNNER_TEMP");
  const actionsDirectory = path.join(path.dirname(runnerTemp), "_actions");
  return path.relative(actionsDirectory, __filename);
 }

-// Reads the contents of GITHUB_EVENT_PATH as a JSON object
+/** Returns the contents of `GITHUB_EVENT_PATH` as a JSON object. */
 function getWorkflowEvent(): any {
  const eventJsonFile = getRequiredEnvParam("GITHUB_EVENT_PATH");
  try {
@@ -631,10 +626,13 @@ function removeRefsHeadsPrefix(ref: string): string {
  return ref.startsWith("refs/heads/") ? ref.slice("refs/heads/".length) : ref;
 }

-// Returns whether we are analyzing the default branch for the repository.
-// For cases where the repository information might not be available (e.g.,
-// dynamic workflows), this can be forced by the environment variable
-// CODE_SCANNING_IS_ANALYZING_DEFAULT_BRANCH.
+/**
+ * Returns whether we are analyzing the default branch for the repository.
+ *
+ * This first checks the environment variable `CODE_SCANNING_IS_ANALYZING_DEFAULT_BRANCH`. This
+ * environment variable can be set in cases where repository information might not be available, for
+ * example dynamic workflows.
+ */
 export async function isAnalyzingDefaultBranch(): Promise<boolean> {
  if (process.env.CODE_SCANNING_IS_ANALYZING_DEFAULT_BRANCH === "true") {
    return true;
@@ -647,8 +645,8 @@ export async function isAnalyzingDefaultBranch(): Promise<boolean> {
  const event = getWorkflowEvent();
  let defaultBranch = event?.repository?.default_branch;

-  if (process.env.GITHUB_EVENT_NAME === "schedule") {
-    defaultBranch = removeRefsHeadsPrefix(getRequiredEnvParam("GITHUB_REF"));
+  if (getWorkflowEventName() === "schedule") {
+    defaultBranch = removeRefsHeadsPrefix(getRefFromEnv());
  }

  return currentRef === defaultBranch;
@@ -687,7 +685,10 @@ export async function printDebugLogs(config: Config) {

 export type UploadKind = "always" | "failure-only" | "never";

-// Parses the `upload` input into an `UploadKind`, converting unspecified and deprecated upload inputs appropriately.
+/**
+ * Parses the `upload` input into an `UploadKind`, converting unspecified and deprecated upload
+ * inputs appropriately.
+ */
 export function getUploadValue(input: string | undefined): UploadKind {
  switch (input) {
    case undefined:
--- a/src/analyze.ts
+++ b/src/analyze.ts
@@ -92,7 +92,10 @@ async function setupPythonExtractor(
  }

  if (
-    await features.getValue(Feature.DisablePythonDependencyInstallation, codeql)
+    await features.getValue(
+      Feature.DisablePythonDependencyInstallationEnabled,
+      codeql
+    )
  ) {
    logger.warning(
      "We recommend that you remove the CODEQL_PYTHON environment variable from your workflow. This environment variable was originally used to specify a Python executable that included the dependencies of your Python code, however Python analysis no longer uses these dependencies." +
@@ -352,7 +355,7 @@ export async function runQueries(
        logger.endGroup();
        logger.info(analysisSummary);
      }
-      logger.info(await runPrintLinesOfCode(language));
+      await runPrintLinesOfCode(language);
    } catch (e) {
      logger.info(String(e));
      if (e instanceof Error) {
--- a/src/api-compatibility.json
+++ b/src/api-compatibility.json
@@ -1 +1 @@
-{"maximumVersion": "3.9", "minimumVersion": "3.5"}
+{"maximumVersion": "3.10", "minimumVersion": "3.6"}
--- a/src/defaults.json
+++ b/src/defaults.json
@@ -1,6 +1,6 @@
 {
-  "bundleVersion": "codeql-bundle-20230428",
-  "cliVersion": "2.13.1",
-  "priorBundleVersion": "codeql-bundle-20230414",
-  "priorCliVersion": "2.13.0"
+  "bundleVersion": "codeql-bundle-20230524",
+  "cliVersion": "2.13.3",
+  "priorBundleVersion": "codeql-bundle-20230428",
+  "priorCliVersion": "2.13.1"
 }
--- a/src/feature-flags.ts
+++ b/src/feature-flags.ts
@@ -39,11 +39,11 @@ export interface FeatureEnablement {
 export enum Feature {
  CliConfigFileEnabled = "cli_config_file_enabled",
  DisableKotlinAnalysisEnabled = "disable_kotlin_analysis_enabled",
+  DisablePythonDependencyInstallationEnabled = "disable_python_dependency_installation_enabled",
  ExportCodeScanningConfigEnabled = "export_code_scanning_config_enabled",
  ExportDiagnosticsEnabled = "export_diagnostics_enabled",
  MlPoweredQueriesEnabled = "ml_powered_queries_enabled",
  UploadFailedSarifEnabled = "upload_failed_sarif_enabled",
-  DisablePythonDependencyInstallation = "disable_python_dependency_installation",
 }

 export const featureConfig: Record<
@@ -81,7 +81,7 @@ export const featureConfig: Record<
    minimumVersion: "2.11.3",
    defaultValue: true,
  },
-  [Feature.DisablePythonDependencyInstallation]: {
+  [Feature.DisablePythonDependencyInstallationEnabled]: {
    envVar: "CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION",
    // Although the python extractor only started supporting not extracting installed
    // dependencies in 2.13.1, the init-action can still benefit from not installing
--- a/src/init-action.ts
+++ b/src/init-action.ts
@@ -279,7 +279,7 @@ async function run() {
    ) {
      if (
        await features.getValue(
-          Feature.DisablePythonDependencyInstallation,
+          Feature.DisablePythonDependencyInstallationEnabled,
          codeql
        )
      ) {
@@ -343,7 +343,7 @@ async function run() {
    // Disable Python dependency extraction if feature flag set
    if (
      await features.getValue(
-        Feature.DisablePythonDependencyInstallation,
+        Feature.DisablePythonDependencyInstallationEnabled,
        codeql
      )
    ) {
--- a/src/trap-caching.ts
+++ b/src/trap-caching.ts
@@ -99,7 +99,7 @@ export async function downloadTrapCaches(
  let baseSha = "unknown";
  const eventPath = process.env.GITHUB_EVENT_PATH;
  if (
-    actionsUtil.workflowEventName() === "pull_request" &&
+    actionsUtil.getWorkflowEventName() === "pull_request" &&
    eventPath !== undefined
  ) {
    const event = JSON.parse(fs.readFileSync(path.resolve(eventPath), "utf-8"));
--- a/src/upload-lib.ts
+++ b/src/upload-lib.ts
@@ -293,7 +293,7 @@ export function buildPayload(
    base_sha: undefined as undefined | string,
  };

-  if (actionsUtil.workflowEventName() === "pull_request") {
+  if (actionsUtil.getWorkflowEventName() === "pull_request") {
    if (
      commitOid === util.getRequiredEnvParam("GITHUB_SHA") &&
      mergeBaseCommitOid
Author	SHA1	Message	Date
Angela P Wen	6c089f53dd	Merge pull request #1730 from github/update-v2.20.0-d5b7b3823 Merge main into releases/v2	2023-06-13 11:22:32 -07:00
github-actions[bot]	484d2f8088	Update changelog for v2.20.0	2023-06-13 17:50:40 +00:00
Angela P Wen	d5b7b38233	Bump Action version to 2.20.0 (#1729 )	2023-06-13 17:46:13 +00:00
Henry Mercer	543e4689d0	Merge pull request #1725 from github/henrymercer/fix-flag-name Fix the name of the disable Python dependency installation feature flag	2023-06-12 21:16:13 +01:00
Henry Mercer	c92053157f	Address review comments Co-authored-by: Angela P Wen <angelapwen@github.com>	2023-06-12 19:31:25 +01:00
Henry Mercer	bce99ca79f	Fix the name of the disable Python dependency installation feature flag	2023-06-12 11:55:51 +01:00
Henry Mercer	e287d85c90	Merge pull request #1723 from github/update-supported-enterprise-server-versions Update supported GitHub Enterprise Server versions	2023-06-12 11:45:24 +01:00
github-actions[bot]	cd5b1ee5cf	Update supported GitHub Enterprise Server versions	2023-06-10 00:11:27 +00:00
Henry Mercer	5dcc7c296d	Merge pull request #1719 from github/update-supported-enterprise-server-versions Update supported GitHub Enterprise Server versions	2023-06-09 14:11:48 +01:00
github-actions[bot]	921d191150	Update supported GitHub Enterprise Server versions	2023-06-07 00:12:13 +00:00
Angela P Wen	cdcdbb5797	PR checks: stop setting experimental Swift var for new CLI versions (#1718 ) Now that `latest` and `cached` are both 2.13.3, which is the version in which we GA'ed Swift, we should stop setting this experimental variable when we test these CLI versions so we can test the case where the variable is unset.	2023-06-06 08:49:09 -07:00
Henry Mercer	8b0f2cf9da	Merge pull request #1717 from github/henrymercer/fix-changelog Fix changelog for 2.3.6	2023-06-05 19:44:53 +01:00
Henry Mercer	a35a881b65	Fix changelog for 2.3.6	2023-06-05 19:14:03 +01:00
Henry Mercer	d8667207b6	Merge pull request #1714 from github/mergeback/v2.3.6-to-main-83f0fe6c Mergeback v2.3.6 refs/heads/releases/v2 into main	2023-06-05 19:12:50 +01:00
Henry Mercer	926a4898bc	Merge pull request #1712 from github/henrymercer/remove-unused-env-var Remove unused `CODESCANNING_EVENT_NAME` environment variable	2023-06-01 18:28:45 +01:00
github-actions[bot]	5c63cc5b1c	Update checked-in dependencies	2023-06-01 15:34:00 +00:00
github-actions[bot]	30a3b9a904	Update changelog and version after v2.3.6	2023-06-01 15:27:36 +00:00
Alexander Eyers-Taylor	83f0fe6c49	Merge pull request #1713 from github/update-v2.3.6-96f284028 Merge main into releases/v2	2023-06-01 16:25:43 +01:00
github-actions[bot]	5c8f4be0e9	Update changelog for v2.3.6	2023-06-01 13:04:31 +00:00
Henry Mercer	96f2840282	Merge pull request #1711 from github/henrymercer/improve-supported-versions-update Improve automation for updating supported versions of GHES	2023-05-31 18:26:51 +01:00
Henry Mercer	dfc31c9995	Convert `actions-util` docs to JSDoc	2023-05-31 17:49:42 +01:00
Henry Mercer	019a40b91a	Inline checks for producing a better error message for Dependabot PRs	2023-05-31 17:42:45 +01:00
Henry Mercer	ae005db7f8	Merge branch 'main' into henrymercer/remove-unused-env-var	2023-05-31 17:41:04 +01:00
Henry Mercer	89c4c9e65c	Merge pull request #1678 from github/henrymercer/default-setup-safeguarding Flag up functionality that may not exist in default setup workflows	2023-05-31 17:33:30 +01:00
Henry Mercer	26f16a5e63	Rephrase the still supported calculation to make it clearer	2023-05-31 17:20:39 +01:00
Henry Mercer	955f8596ae	Fix sign error	2023-05-31 16:49:34 +01:00
Henry Mercer	e7cff66ce1	Fix push	2023-05-31 16:35:12 +01:00
Henry Mercer	bf419682de	Remove unused `CODESCANNING_EVENT_NAME` environment variable	2023-05-31 15:37:11 +01:00
Henry Mercer	afdba76326	Wait a week before dropping support for end of life GHES versions	2023-05-31 15:00:19 +01:00
Henry Mercer	07e43a2208	Open PR with gh CLI	2023-05-31 14:39:03 +01:00
Henry Mercer	9632771630	Address review comments	2023-05-31 14:23:43 +01:00
Alexander Eyers-Taylor	9d2dd7cfea	Merge pull request #1698 from github/update-bundle/codeql-bundle-20230524 Update default bundle to 2.13.3	2023-05-31 12:29:26 +01:00
Henry Mercer	d427c89ed7	Ignore internal Actions	2023-05-30 20:31:56 +01:00
Henry Mercer	125ff5530c	Fix deprecation warnings	2023-05-30 20:31:40 +01:00
Henry Mercer	86ead5e019	Only flag up the deepest properties	2023-05-30 19:50:56 +01:00
Henry Mercer	eb1c7a3887	Use `getRefFromEnv()` so ref is present on default setup	2023-05-30 19:39:53 +01:00
Henry Mercer	6bd8101752	Merge pull request #1709 from github/henrymercer/print-baseline-once Only print lines of code information once	2023-05-26 21:03:22 +01:00
Henry Mercer	2408985f4e	Only print lines of code information once CodeQL already prints it, so we don't need to print it again.	2023-05-26 20:34:30 +01:00
Henry Mercer	f8b1cb6997	Merge pull request #1695 from github/henrymercer/update-requests PR checks: Update requests to 2.31.0	2023-05-26 11:10:44 +01:00
Andrew Eisenberg	2d031a36d6	Merge pull request #1707 from github/mergeback/v2.3.5-to-main-0225834c Mergeback v2.3.5 refs/heads/releases/v2 into main	2023-05-25 12:50:21 -07:00
github-actions[bot]	1ba7713018	Update checked-in dependencies	2023-05-25 19:23:44 +00:00
github-actions[bot]	339e0d5afb	Update changelog and version after v2.3.5	2023-05-25 19:12:36 +00:00
Henry Mercer	65920dd33a	Unconditionally set up Swift in debug artifacts PR check	2023-05-24 18:28:18 +01:00
Henry Mercer	60f5c59630	Merge branch 'main' into update-bundle/codeql-bundle-20230524	2023-05-24 18:04:09 +01:00
Henry Mercer	143b5fb429	Merge branch 'main' into henrymercer/update-requests	2023-05-24 18:00:08 +01:00
github-actions[bot]	34e8e09ae4	Add changelog note	2023-05-24 16:01:57 +00:00
github-actions[bot]	4f41ff7fc8	Update default bundle to codeql-bundle-20230524	2023-05-24 16:01:53 +00:00
Henry Mercer	6e92b190d0	Bump requests to 2.31.0	2023-05-23 17:07:30 +01:00
Henry Mercer	292bb7c0b9	Parameterize check scripts over requests version	2023-05-23 17:07:30 +01:00
Henry Mercer	eac5e24aee	Downgrade query severity to warning	2023-05-16 11:06:13 +01:00
Henry Mercer	8065746a2a	Add query to find context variables that may not work with default setup	2023-05-12 19:35:08 +01:00
Henry Mercer	abb267d186	Add query to identify env vars that may not work with default setup	2023-05-12 18:46:31 +01:00
Henry Mercer	9953504776	Use new packaging mechanism for internal queries	2023-05-11 18:43:36 +01:00